News Stay informed about the latest enterprise technology news and product updates.

Patching, updating keep Nachi at bay

The Nachi worm attempts to delete the Lovsan/Blaster worm and patch the vulnerability in Windows systems it exploits. These tips can help keep you safe from Nachi and Lovsan.

Companies can take a few steps to prevent getting infected from the Nachi worm. Protecting against Nachi will also help prevent getting hit with Lovsan and other worms that exploit the RPC-DCOM vulnerability. These tips highlight ways to keep Nachi out.

Patch, patch, patch: The best way to prevent getting hit by the Nachi worm is patching the flaw it exploits. By installing the RPC-DCOM patch from Microsoft, one also protects against the Lovsan worm and all its variants. Doing such would also prevent infection from future worms that target the vulnerability. Also, one should install the patch for the Windows WebDav as there have been reports that the worm tries to exploit that as well. That flaw is found in Windows 2000, Windows XP and Windows NT 4.0.

Update, update, update: Updating antivirus signature files is another way to prevent infection from the Nachi worm. But it only helps address that specific worm, not others such as Lovsan that also target the RPC-DCOM vulnerability. Care should be taken to ensure remote offices and telecommuters (who don't get e-mail through a VPN connection) have the pattern file for Nachi.

Block port 135:Nachi spreads by scanning port 135 for systems with the RPC vulnerability. Blocking the port would help prevent infection but some business may need it open for applications to work properly.

Install desktop personal firewalls: Virtually all businesses of any size have gateway firewalls but personal firewalls aren't so pervasive. They offer a wide range of protection, including the ability to stop Nachi and Lovsan from infecting vulnerable systems.

Secure network file shares: Nachi can spread within a network using Windows network shares. Companies need to make sure access to network shares is controlled and well-documented.


Virus Alert -- Sobig-F and Nachi news exclusive: "Simple steps stem Sobig-F's progress" news exclusive: "Emergence of Sobig-F adds to malware mess" news exclusive: "Benevolent Nachi worm doing more harm than good" Ask the Experts

FEEDBACK: How do you prioritize your patching processes?
Send your feedback to the news team.

Dig Deeper on Microsoft Patch Tuesday and patch management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.